
ransomware damage control

My laptop was hit by a ransomware virus yesterday. Unfortunately I had not backed up my computer for a couple of months now. It posted a ransomware threat on my screen so I immediately shut the laptop off thinking that might stop the harm but it didn't. By then the virus did not lock the computer but it slowed it down tremendously.

After two trials to reboot I decided to refresh the computer so my apps were gone.

When I rebooted I saw my files were still there so I backed the main files onto an external drive.

I tried to open my files but all my MS Office 2010 files and pdf files would not open while the Word files would open into unreadable junk and when checking their properties they were missing the Custom tab. The open & repair option did not work either. My AutoCAD files were not infected initially but I started seeing signs of infection later on.

When scanning for Malware I found two Ransom.Cerber files. Then I found more PUP files and when scanned by AVG I found Win32:Malware-gen.

I am still trying to clean my computer but extremely worried that my files are lost. Would anyone have an answer on how to completely clean the computer and retrieve the files?

I would appreciate some advice on this matter.

thanks

Edited by Chris Cosgrove, 05 April 2017 - 05:49 PM. Moved from Introductions to Ransomware support.


Did you submit any samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

When you discover that your computer is infected with ransomware, one of the first things we advise is to create a copy or image of the entire hard drive. Doing that allows you to save the complete state of your system (and all encrypted data) in the event that a free decryption solution is developed in the future. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers so keeping a backup of the original encrypted files and related information is a good practice.

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.
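The reply above recommends preserving the encrypted files rather than deleting them, and the original poster describes documents whose extension survived but whose content now opens as unreadable junk. The following added example (not code from the thread or from BleepingComputer) triages a set of files the way a responder might before imaging: it checks whether the leading bytes still match the extension's known signature, measures the entropy of the header region to separate ciphertext-like content from ordinary damage, and records a SHA-256 per file so the originals can be proven untouched later. The sample files, thresholds and verdict labels are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes expected for the formats the original poster mentions.
# Office 2010 .docx/.xlsx are ZIP containers, PDF starts with %PDF, AutoCAD DWG with "AC10".
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pdf": b"%PDF", ".dwg": b"AC10"}
HEAD_BYTES = 4096          # how much of each file is inspected for header and entropy
ENTROPY_THRESHOLD = 7.5    # bits per byte; ciphertext sits near 8.0, documents well below

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    """Verdict for one file from its name and leading bytes."""
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is None:
        return "unknown-type"            # no signature known for this extension
    if head.startswith(expected):
        return "header-ok"               # still looks like a genuine document
    if shannon_entropy(head) > ENTROPY_THRESHOLD:
        return "likely-encrypted"        # signature gone and content near-random
    return "header-mismatch"             # damaged or renamed, but not ciphertext-like

def triage(files: dict) -> dict:
    """files maps name -> content; returns name -> (verdict, sha256 of the full content)."""
    return {name: (classify(name, data[:HEAD_BYTES]), hashlib.sha256(data).hexdigest())
            for name, data in files.items()}

# Constructed sample data standing in for the poster's files (deterministic, so results repeat).
def _pseudo_random(n: int) -> bytes:
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n // 32))

SAMPLES = {
    "report.docx": b"PK\x03\x04" + b"[Content_Types].xml" + b"\x00" * 200,   # intact
    "thesis.pdf": b"%PDF-1.5\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",                   # intact
    "plan.dwg": _pseudo_random(4096),       # AutoCAD file overwritten by ciphertext
    "budget.xlsx": _pseudo_random(4096),    # encrypted, extension left unchanged
    "notes.txt": b"plain notes\n" * 20,     # no signature to check against
}

if __name__ == "__main__":
    for name, (verdict, digest) in triage(SAMPLES).items():
        print(f"{verdict:17} {digest[:12]}  {name}")
```

Files reported as likely-encrypted or header-mismatch are the ones to copy off, together with any ransom notes, before cleaning; the recorded hashes let you confirm later that the preserved copies are byte-identical to what was on the disk.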